feat: password reset, email change with verification, and password change

Password reset: multi-app support with custom notification linking to correct frontend (app/portal/admin). Email change: self-service with password confirmation and admin-initiated, both sending verification to new address with 24h expiry. Confirmation sent to old email on completion. Password change: authenticated endpoint revoking other sessions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 15:38:54 +02:00
parent 53100d4f6d
commit 836cffa232
42 changed files with 2643 additions and 67 deletions
--- a/api/app/Mail/EmailChangedConfirmationMail.php
+++ b/api/app/Mail/EmailChangedConfirmationMail.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Mail;
+
+use App\Models\User;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Mail\Mailable;
+use Illuminate\Mail\Mailables\Content;
+use Illuminate\Mail\Mailables\Envelope;
+use Illuminate\Queue\SerializesModels;
+
+final class EmailChangedConfirmationMail extends Mailable implements ShouldQueue
+{
+    use Queueable;
+    use SerializesModels;
+
+    public function __construct(
+        public User $user,
+        public string $oldEmail,
+        public string $newEmail,
+    ) {}
+
+    public function envelope(): Envelope
+    {
+        return new Envelope(
+            subject: 'Je e-mailadres is gewijzigd — Crewli',
+        );
+    }
+
+    public function content(): Content
+    {
+        return new Content(
+            markdown: 'emails.email-changed-confirmation',
+            with: [
+                'userName' => $this->user->first_name,
+                'newEmail' => $this->newEmail,
+            ],
+        );
+    }
+}
--- a/api/app/Mail/VerifyEmailChangeMail.php
+++ b/api/app/Mail/VerifyEmailChangeMail.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Mail;
+
+use App\Models\User;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Mail\Mailable;
+use Illuminate\Mail\Mailables\Content;
+use Illuminate\Mail\Mailables\Envelope;
+use Illuminate\Queue\SerializesModels;
+
+final class VerifyEmailChangeMail extends Mailable implements ShouldQueue
+{
+    use Queueable;
+    use SerializesModels;
+
+    public function __construct(
+        public User $user,
+        public string $newEmail,
+        public string $token,
+        public string $frontendUrl,
+        public User $requestedBy,
+    ) {}
+
+    public function envelope(): Envelope
+    {
+        return new Envelope(
+            subject: 'Bevestig je nieuwe e-mailadres — Crewli',
+        );
+    }
+
+    public function content(): Content
+    {
+        $verifyUrl = $this->frontendUrl . '/verify-email-change?token=' . $this->token;
+        $isSelfChange = $this->user->id === $this->requestedBy->id;
+
+        return new Content(
+            markdown: 'emails.verify-email-change',
+            with: [
+                'verifyUrl' => $verifyUrl,
+                'userName' => $this->user->first_name,
+                'isSelfChange' => $isSelfChange,
+                'requestedByName' => $this->requestedBy->full_name,
+            ],
+        );
+    }
+}